HA remote access with KeenDNS


#1

I have zyxel router (keenetic ultra II) with build in DNS servise - KeenDNS which give you remote access to the router with third-level domains name and any local device with fourth level domain name. Connection is https. So I can accesses to HA authorization page, but after login just “Unable to connect to Home Assistant”.
I can see: “Login attempt or request with invalid authentication from 192.168.1.1” on front page and nothing in the log.
I tried add to configuration:

http:
  base_url: https://my.domain.keenetic.pro:8123
  api_password: my_password
  trusted_networks: 
    - 192.168.1.1
  ip_ban_enabled: True
  login_attempts_threshold: 10 

But nothing works.
Could someone advise what else I can try?


#2

Remove https:// from your base URL


#3

Thank you for help, but didn’t work . I’m not sure why I need port number, because there is no port number in my link in browser. Port number is set in router. So I tried with and without port.
If there is any type of log I can catch apart of main one?


#4

I catch this exception in Fire fox:
https://pastebin.com/PTps7qzg
Have on idea about it…


#5

What’s doing your SSL? I don’t see any SSL settings in your config. You either need SSL on home assistant or a reverse proxy running your SSL


#6

From router manual:

By default, remote access to the device over the level 4 domain via the KeenDNS service works like this - you connect to the Internet center via the HTTPS protocol, and then you connect to the local device via the HTTP protocol via the HTTP protocol. Therefore, on the device for which we use the domain name of the 4th level, in its settings should not be excluded the possibility of using an HTTP connection, i.e. so that the option “Use only HTTPS” is not enabled. If you want to access via HTTPS, you can manually get your own certificate for the 4th level domain through the command line interface (CLI)

From router to HA required HTTPS or HTTP is enough?


#7

I am not sure, but can be router providing SSL for lower level?


#8

Only if it’s acting as a reverse proxy


#9

I tried:

http:
base_url: my.domain.keenetic.pro:8123
use_x_forwarded_for: true
trusted_proxies:
- 192.168.1.1
trusted_networks:
- 192.168.1.1

Loading match longer but same result. :disappointed_relieved:


#10

Do you understand what a reverse proxy is?

Changing the HA config isn’t going to fix your router…


#11

Not at all :grinning: I need to get SSL certificate and than I can use it with my domain name. Is it correct?


#12

If you want to use https, but if your router doesn’t support the necessary settings for reverse proxy in HA you’ll need to do something else.


#13

I just got reply from manufacture. Router can proxy some ports only:

HTTP: 80, 81, 280, 591, 777, 5080, 8080, 8090 и 65080
HTTPS: 443, 5083, 5443, 8083, 8443 и 65083.

What port is better to use?
Sorry for stupid question, but why HA using 8123 instead of 80 lets say?


#14

You can use any of them.
Use 443 if you don’t want to have to put in a port number when connecting.

Lots of applications use their own ports. Port 80 on a Linux machine is reserved for root only (any port below 1024), and as such would complicate setups, and cause problems.

Forward port 443 to 8123


#15

KeenDNS settings:
domane name: my
Host (local net): 192.168.1.51
TCP port: 443

Port forwarding:
Input: Provider
Output: 192.168.1.51
Protocol: TCP/443
Destination port: 8123

In result at HA logging page: Error: Something went wrong
And nothing in the log. Is it correct settings?


#16

I understand you want to use your router for this, but I don’t think it is going to work. There are things that HA needs to work with reverse proxies.

As an example, this config contains a few items that most normal reverse proxies do not.

If the settings of the built in reverse proxy are not capable of meeting these requirements, then it simply will not work.


#17

OK. It is more complicated than I thought! Any way than you for help!